Lucene search
K

6706 matches found

Packet Storm News
Packet Storm News
added 2026/03/26 12:0 a.m.6 views

Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals

Passkeys have recently emerged as a passwordless authentication mechanism, yet their usability in captive portals remains unexplored. This paper presents an empirical, comparative usability study of passkeys and passwords in a Wi-Fi hotspot using a captive portal. We conducted a controlled...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/24 5:58 p.m.3 views

CVE-2026-33401 Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

7.1CVSS5.8AI score0.00283EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2026/03/24 5:58 p.m.4 views

CVE-2026-33401

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

8.8CVSS7.2AI score0.00497EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2026/03/24 5:58 p.m.22 views

CVE-2026-33401 Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

7.1CVSS0.00283EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/03/24 5:58 p.m.4 views

CVE-2026-33401 Wallos: Incomplete fix for CVE-2026-30840 - SSRF in AI and notification endpoints bypass ssrf_helper.php

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

7.1CVSS7.2AI score0.00497EPSS
Exploits2References3
CVE
CVE
added 2026/03/24 5:58 p.m.14 views

CVE-2026-33401

CVE-2026-33401 concerns Wallos, an open-source personal subscription tracker. Before 4.7.0, an incomplete SSRF fix allowed an authenticated user to reach internal network services, cloud metadata endpoints (AWS IMDSv1, GCP, Azure IMDS), or localhost-bound services by crafting URLs exposed to the ...

7.1CVSS7.2AI score0.00497EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27470

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the patch introduced in commit e8a513591 CVE-2026-30840 added SSRF protection to notification test endpoints but left three additional attack surfaces unprotected: the AI Ollama host parameter, the AI...

8.8CVSS5.8AI score0.00497EPSS
Exploits2References4
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.10 views

Model Context Protocol Threat Modeling and Analyzing Vulnerabilities to Prompt Injection with Tool Poisoning

The Model Context Protocol MCP has rapidly emerged as a universal standard for connecting AI assistants to external tools and data sources. While MCP simplifies integration between AI applications and various services, it introduces significant security vulnerabilities, particularly on the client...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.19 views

Auditing MCP Servers for Over-Privileged Tool Capabilities

The Model Context Protocol MCP has emerged as a standard for connecting Large Language Models LLMs to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.10 views

Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications

This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" HACCAs, AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/10 6:31 p.m.2 views

GHSA-8JRH-7JG8-FVMV Vaadin: Specially crafted ZIP archives can escape the intended extraction directory

Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...

2.3CVSS5.8AI score0.00342EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/03/08 12:0 a.m.3 views

Post-Quantum Federated Learning: Secure and Scalable Threat Intelligence for Collaborative Cyber Defense

Collaborative threat intelligence via federated learning FL faces critical risks from quantum computing, which can compromise classical encryption methods. This study proposes a quantum-secure FL framework using post-quantum cryptography PQC to protect cross-organizational data sharing. We expose...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/06 9:25 a.m.16 views

Security Bulletin: Multiple vulnerabilties affects IBM DB2 Data Management Console

Summary sshd-common-2.10.0.jar, dompurify-2.2.7.tgz, derby-10.16.1.1.jar, ion-java-1.2.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION:...

10CVSS5.9AI score0.01418EPSS
Exploits4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/04 8:45 a.m.4 views

CVE-2025-66168

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...

5.4CVSS6AI score0.0078EPSS
Exploits0References2Affected Software3
GithubExploit
GithubExploit
added 2026/02/27 10:24 p.m.497 views

cipher-xbow-benchmark

Cipher XBOW Benchmark Results Black-box assessment results fr...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/22 5:30 a.m.142 views

KAVACHx

Intelligent Exploit & Patch Management Platform A full-stack...

5.6AI score
Exploits0
OSV
OSV
added 2026/02/18 12:57 a.m.6 views

GHSA-V6C6-VQQG-W888 OpenClaw affected by potential code execution via unsafe hook module path handling in Gateway

Summary OpenClaw Gateway supports hook mappings with optional JavaScript/TypeScript transform modules. In affected versions, the gateway did not sufficiently constrain configured module paths before passing them to dynamic import. Under some configurations, a user who can modify gateway...

8.6CVSS6.2AI score0.00405EPSS
Exploits0References7
Microsoft Secure
Microsoft Secure
added 2026/02/10 2:56 p.m.10 views

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

That helpful "Summarize with AI" button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. Companies are embedding...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/02/10 2:56 p.m.6 views

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

That helpful "Summarize with AI" button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. Companies are embedding...

5.7AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/10 5:37 a.m.5 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (January 2026)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

5.4AI score
Exploits0Affected Software1
Rows per page
Query Builder